Add email password reset logic. #2
Reference: muyrety/Smarter#2
This PR introduces functionality for email-based password resets using Python's built-in libraries working with the SMTP protocol. The implementation sends welcome and password reset emails formatted as shown here:
The motivation for this feature came from encountering password-related issues on uselis.eu, making this addition beneficial.
To configure email password resets, you need to set the following configuration variables:
EMAIL_USER (SMTP login username, e.g. hi@example.com)
EMAIL_PASSWORD (the SMTP login password to the corresponding user, e.g. Hunter2)
EMAIL_SERVER (the SMTP server address and port, e.g. mail.example.com or mail.example.com:1234; note: port 587 is implied (i.e. the default for secure email submission with authentication))
Uhh yeah :D
Signed-off-by: Arija A. ari@ari.lt
newpw check to reset check body. cfe3a2c508
@ -89,1 +103,4 @@
- Team Smarter""",
)
except db.IntegrityError:
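Review bot: the email call that closes with `)` sits directly above `except db.IntegrityError:`, so it runs inside the same `try`, and that handler will not catch a failed SMTP send. Suggest sending the welcome email after the database block, or handling the mail error separately, so a mail outage does not turn a successful registration into an unhandled error.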
Username or email is taken
@ -153,0 +222,4 @@
).fetchone()
reset_token = secrets.token_hex(16)
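Review bot: `reset_token = secrets.token_hex(16)` is generated right after `.fetchone()` with no check on the fetched row in between, and nothing in these lines gives the token a lifetime. Suggest handling a missing row first, returning the same response whether or not the user exists so the form does not reveal valid usernames, and recording an issue time with the token so it can be rejected after a short window.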
Check if user exists: `if user_data is not None ...:`. Server panics with code 500 if there is no user with that username.
@ -153,0 +237,4 @@
- Team Smarter""",
)
Storing the reset token in the session kinda defeats the purpose of email verification. The client can see the session contents. The only solution would be to store the reset token internally, probably in the SQL database.
True, but honestly I'll just hash it :) And oops about the session thing, I misremembered that it's encrypted, guess it's just signed.
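The server-side storage suggested in the comment above, as an added example that is not part of this PR or the project's code: only a SHA-256 hash of the token is kept in SQL, with an expiry and single use. The table name `pw_resets`, the function names and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumed value)


def init_db(conn):
    # Hypothetical table; the project's real schema is not shown on the page.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS pw_resets ("
        "username TEXT PRIMARY KEY, token_hash TEXT NOT NULL, expires REAL NOT NULL)"
    )


def _digest(token):
    # The token is 128 random bits, so a plain fast hash is enough here.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(conn, username, now=None):
    """Create a token, store only its hash, return the plaintext for the email."""
    now = time.time() if now is None else now
    token = secrets.token_hex(16)
    conn.execute(
        "INSERT OR REPLACE INTO pw_resets VALUES (?, ?, ?)",
        (username, _digest(token), now + TOKEN_TTL),
    )
    conn.commit()
    return token


def redeem_reset_token(conn, username, token, now=None):
    """Return True once for a valid, unexpired token; False otherwise."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT token_hash, expires FROM pw_resets WHERE username = ?", (username,)
    ).fetchone()
    if row is None:  # unknown user or no pending reset
        return False
    stored_hash, expires = row
    ok = hmac.compare_digest(stored_hash, _digest(token)) and now <= expires
    if ok or now > expires:  # single use; expired rows are cleared as well
        conn.execute("DELETE FROM pw_resets WHERE username = ?", (username,))
        conn.commit()
    return ok
```

Nothing about the token needs to live in the client-visible session with this layout; the emailed link carries the plaintext token and the database holds only its hash.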
@ -0,0 +41,4 @@
<button type="submit" class="btn btn-outline-primary" id="registerButton">Reset password</button>
</div>
</form>
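Review bot: the submit button in this new template has `id="registerButton"` although its label is "Reset password", which looks carried over from the registration form. Suggest an id that matches the form's purpose so scripts or styles bound to the registration button do not also apply here.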
Formatting needs to be fixed, same as auth/pwreset.html.
@ -0,0 +16,4 @@
<button type="submit" class="btn btn-outline-primary" id="pwresetButton">Reset password</button>
</div>
</form>
Text should be centered, maybe coloring it could also help. Top margin should be added.
The related content is below the comment, forgejo only shows code above the comment for some reason.
hell yeah 🔥🔥🔥